From patchwork Thu Jan 11 17:32:11 2024
X-Patchwork-Submitter: Tomas Volf <~@wolfsden.cz>
X-Patchwork-Id: 58791
Subject: [bug#65002] [PATCH 1/6] mapped-devices: Allow unlocking by a key file.
From: Tomas Volf <~@wolfsden.cz>
Date: Thu, 11 Jan 2024 18:32:11 +0100
To: 65002@debbugs.gnu.org

From: Tomas Volf Requiring the user to input their password in order to unlock a device is not always reasonable, so having an option to unlock the device using a key file is a nice quality of life change. * gnu/system/mapped-devices.scm (open-luks-device): Add #:key-file argument. (luks-device-mapping-with-options): New procedure. * doc/guix.texi (Mapped Devices): Describe the new procedure. Change-Id: I1de4e045f8c2c11f9a94f1656e839c785b0c11c4 --- doc/guix.texi | 25 +++++++++++++ gnu/system/mapped-devices.scm | 67 ++++++++++++++++++++++------------- 2 files changed, 67 insertions(+), 25 deletions(-) base-commit: 5c0f77f4241c9beac0c82deae946bfdc70b49ff0 diff --git a/doc/guix.texi b/doc/guix.texi index 395545bed7..b1202f2182 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -123,6 +123,7 @@ Copyright @copyright{} 2023 Thomas Ieong@* Copyright @copyright{} 2023 Saku Laesvuori@* Copyright @copyright{} 2023 Graham James Addis@* +Copyright @copyright{} 2023 Tomas Volf@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -17992,6 +17993,30 @@ Mapped Devices @code{dm-crypt} Linux kernel module. @end defvar +@deffn {Procedure} luks-device-mapping-with-options [#:key-file] +Return a @code{luks-device-mapping} object, which defines LUKS block +device encryption using the @command{cryptsetup} command from the +package with the same name. It relies on the @code{dm-crypt} Linux +kernel module. + +If @code{key-file} is provided, unlocking is first attempted using that +key file. This has an advantage of not requiring a password entry, so +it can be used (for example) to unlock RAID arrays automatically on +boot. If key file unlock fails, password unlock is attempted as well. +Key file is not stored in the store and needs to be available at the +given location at the time of the unlock attempt. + +@lisp +;; Following definition would be equivalent to running: +;; cryptsetup open --key-file /crypto.key /dev/sdb1 data +(mapped-device + (source "/dev/sdb1) + (target "data) + (type (luks-device-mapping-with-options + #:key-file "/crypto.key"))) +@end lisp +@end deffn + @defvar raid-device-mapping This defines a RAID device, which is assembled using the @code{mdadm} command from the package with the same name. It requires a Linux kernel diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm index e6b8970c12..c19a818453 100644 --- a/gnu/system/mapped-devices.scm +++ b/gnu/system/mapped-devices.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2014-2022 Ludovic Courtès ;;; Copyright © 2016 Andreas Enge ;;; Copyright © 2017, 2018 Mark H Weaver +;;; Copyright © 2024 Tomas Volf <~@wolfsden.cz> ;;; ;;; This file is part of GNU Guix. ;;; @@ -64,6 +65,7 @@ (define-module (gnu system mapped-devices) check-device-initrd-modules ;XXX: needs a better place luks-device-mapping + luks-device-mapping-with-options raid-device-mapping lvm-device-mapping)) 
@@ -188,7 +190,7 @@ (define (check-device-initrd-modules device linux-modules location) ;;; Common device mappings. ;;; -(define (open-luks-device source targets) +(define* (open-luks-device source targets #:key key-file) "Return a gexp that maps SOURCE to TARGET as a LUKS device, using 'cryptsetup'." (with-imported-modules (source-module-closure @@ -198,7 +200,8 @@ (define (open-luks-device source targets) ((target) #~(let ((source #$(if (uuid? source) (uuid-bytevector source) - source))) + source)) + (keyfile #$key-file)) ;; XXX: 'use-modules' should be at the top level. (use-modules (rnrs bytevectors) ;bytevector? ((gnu build file-systems) 
@@ -215,29 +218,35 @@ (define (open-luks-device source targets) ;; 'cryptsetup open' requires standard input to be a tty to allow ;; for interaction but shepherd sets standard input to /dev/null; ;; thus, explicitly request a tty. - (zero? (system*/tty - #$(file-append cryptsetup-static "/sbin/cryptsetup") - "open" "--type" "luks" - - ;; Note: We cannot use the "UUID=source" syntax here - ;; because 'cryptsetup' implements it by searching the - ;; udev-populated /dev/disk/by-id directory but udev may - ;; be unavailable at the time we run this. - (if (bytevector? source) - (or (let loop ((tries-left 10)) - (and (positive? tries-left) - (or (find-partition-by-luks-uuid source) - ;; If the underlying partition is - ;; not found, try again after - ;; waiting a second, up to ten - ;; times. FIXME: This should be - ;; dealt with in a more robust way. - (begin (sleep 1) - (loop (- tries-left 1)))))) - (error "LUKS partition not found" source)) - source) - - #$target))))))) + (let ((partition + ;; Note: We cannot use the "UUID=source" syntax here + ;; because 'cryptsetup' implements it by searching the + ;; udev-populated /dev/disk/by-id directory but udev may + ;; be unavailable at the time we run this. + (if (bytevector? source) + (or (let loop ((tries-left 10)) + (and (positive? tries-left) + (or (find-partition-by-luks-uuid source) + ;; If the underlying partition is + ;; not found, try again after + ;; waiting a second, up to ten + ;; times. FIXME: This should be + ;; dealt with in a more robust way. + (begin (sleep 1) + (loop (- tries-left 1)))))) + (error "LUKS partition not found" source)) + source))) + ;; We want to fallback to the password unlock if the keyfile fails. + (or (and keyfile + (zero? (system*/tty + #$(file-append cryptsetup-static "/sbin/cryptsetup") + "open" "--type" "luks" + "--key-file" keyfile + partition #$target))) + (zero? 
(system*/tty + #$(file-append cryptsetup-static "/sbin/cryptsetup") + "open" "--type" "luks" + partition #$target))))))))) (define (close-luks-device source targets) "Return a gexp that closes TARGET, a LUKS device." 
@@ -276,6 +285,14 @@ (define luks-device-mapping (close close-luks-device) (check check-luks-device))) +(define* (luks-device-mapping-with-options #:key key-file) + "Return a luks-device-mapping object with open modified to pass the arguments +into the open-luks-device procedure." + (mapped-device-kind + (inherit luks-device-mapping) + (open (λ (source targets) (open-luks-device source targets + #:key-file key-file))))) + (define (open-raid-device sources targets) "Return a gexp that assembles SOURCES (a list of devices) to the RAID device TARGET (e.g., \"/dev/md0\"), using 'mdadm'."
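
Review bot: in the doc/guix.texi hunk of [PATCH 1/6], the @lisp example under luks-device-mapping-with-options has two unterminated string literals, (source "/dev/sdb1) and (target "data), so anyone pasting it gets a read error. Close the quotes: (source "/dev/sdb1") and (target "data"). The same patch adds a 2023 copyright line to guix.texi and a 2024 one to mapped-devices.scm; pick one year.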
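
Review bot: in gnu/system/mapped-devices.scm, open-luks-device now accepts #:key key-file and splices it in with (keyfile #$key-file), but nothing checks that the value is a plain file name string or #f. A file-like object passed here would be lowered into the store by the gexp, which is the world-readable location the new documentation says the key must not live in. Validate the argument before building the gexp, and mention KEY-FILE in the docstring, which still describes only SOURCE and TARGET.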
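
Review bot: in the @@ -215 hunk of open-luks-device, the two system*/tty calls repeat the cryptsetup path and the "open" "--type" "luks" arguments and differ only in "--key-file" keyfile. Build the argument list once and add the key-file arguments conditionally so the two invocations cannot drift apart. The comment above the or should also state that a failed key-file attempt ends in an interactive passphrase prompt, since that is what an unattended boot will then wait on.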

From patchwork Thu Jan 11 17:32:12 2024
X-Patchwork-Submitter: Tomas Volf <~@wolfsden.cz>
X-Patchwork-Id: 58792
Subject: [bug#65002] [PATCH 2/6] gnu: bootloader: grub: Add support for loading an additional initrd.
From: Tomas Volf <~@wolfsden.cz>
Date: Thu, 11 Jan 2024 18:32:12 +0100
Message-ID: <1f9c251cf379b579a0e04f5698da0bfdd62f2b90.1704994323.git.~@wolfsden.cz>
To: 65002@debbugs.gnu.org

From: Tomas Volf In order to be able to provide decryption keys for the LUKS device, they need to be available in the initial ram disk. However they cannot be stored inside the usual initrd, since it is stored in the store and being a world-readable (as files in the store are) is not a desired property for a initrd containing decryption keys. This commit adds an option to load additional initrd during the boot, one that is not stored inside the store and therefore can contain secrets. Since only grub supports encrypted /boot, only grub is modified to use the extra-initrd. There is no use case for the other bootloaders. * doc/guix.texi (Bootloader Configuration): Describe the new extra-initrd field. * gnu/bootloader.scm (): Add extra-initrd field. * gnu/bootloader/grub.scm (make-grub-configuration): Use the extra-initrd field. --- doc/guix.texi | 49 +++++++++++++++++++++++++++++++++++++++++ gnu/bootloader.scm | 6 ++++- gnu/bootloader/grub.scm | 7 ++++-- 3 files changed, 59 insertions(+), 3 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index b1202f2182..87d41e0aae 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -41070,6 +41070,55 @@ Bootloader Configuration @code{u-boot} bootloader, where the device tree has already been loaded in RAM, it can be handy to disable the option by setting it to @code{#f}. + +@item @code{extra-initrd} (default: @code{#f}) +File name of an additional initrd to load during the boot. It may or +may not point to a file in the store, but the main use case is for +out-of-store files containing secrets. + +In order to be able to provide decryption keys for the LUKS device, they +need to be available in the initial ram disk. However they cannot be +stored inside the usual initrd, since it is stored in the store and +being a world-readable (as files in the store are) is not a desired +property for a initrd containing decryption keys. You can therefore use +this field to instruct GRUB to also load a manually created initrd not +stored in the store. + +For any use case not involving secrets, you should use regular initrd +(@pxref{operating-system Reference, @code{initrd}}) instead. + +Suitable image can be created for example like this: + +@example +echo /key-file.bin | cpio -oH newc >/key-file.cpio +chmod 0000 /key-file.cpio +@end example + +After it is created, you can use it in this manner: + +@lisp +;; Operating system with encrypted boot partition +(operating-system + ... + (bootloader (bootloader-configuration + (bootloader grub-efi-bootloader) + (targets '("/boot/efi")) + ;; Load the initrd with a key file + (extra-initrd "/key-file.cpio"))) + (mapped-devices + (list (mapped-device + (source (uuid "12345678-1234-1234-1234-123456789abc")) + (target "my-root") + (type (luks-device-mapping-with-options + ;; And use it to unlock the root device + #:key-file "/key-file.bin")))))) +@end lisp + +Be careful when using this option, since pointing to a file that is not +readable by the grub while booting will cause the boot to fail and +require a manual edit of the initrd line in the grub menu. + +Currently only supported by GRUB. @end table @end deftp 
diff --git a/gnu/bootloader.scm b/gnu/bootloader.scm index ba06de7618..f32e90e79d 100644 --- a/gnu/bootloader.scm +++ b/gnu/bootloader.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen ;;; Copyright © 2022 Josselin Poiret ;;; Copyright © 2022 Reza Alizadeh Majd +;;; Copyright © 2024 Tomas Volf <~@wolfsden.cz> ;;; ;;; This file is part of GNU Guix. ;;; @@ -77,6 +78,7 @@ (define-module (gnu bootloader) bootloader-configuration-serial-unit bootloader-configuration-serial-speed bootloader-configuration-device-tree-support? + bootloader-configuration-extra-initrd %bootloaders lookup-bootloader-by-name @@ -279,7 +281,9 @@ (define-record-type* (serial-speed bootloader-configuration-serial-speed (default #f)) ;integer | #f (device-tree-support? bootloader-configuration-device-tree-support? - (default #t))) ;boolean + (default #t)) ;boolean + (extra-initrd bootloader-configuration-extra-initrd + (default #f))) ;string | #f (define-deprecated (bootloader-configuration-target config) bootloader-configuration-targets diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm index 5f3fcd7074..2723eda5f4 100644 --- a/gnu/bootloader/grub.scm +++ b/gnu/bootloader/grub.scm @@ -9,6 +9,7 @@ ;;; Copyright © 2020 Stefan ;;; Copyright © 2022 Karl Hallsby ;;; Copyright © 2022 Denis 'GNUtoo' Carikli +;;; Copyright © 2024 Tomas Volf <~@wolfsden.cz> ;;; ;;; This file is part of GNU Guix. ;;; @@ -386,7 +387,8 @@ (define* (make-grub-configuration grub config entries store-directory-prefix)) (initrd (normalize-file (menu-entry-initrd entry) device-mount-point - store-directory-prefix))) + store-directory-prefix)) + (extra-initrd (bootloader-configuration-extra-initrd config))) ;; Here DEVICE is the store and DEVICE-MOUNT-POINT is its mount point. ;; Use the right file names for LINUX and INITRD in case ;; DEVICE-MOUNT-POINT is not "/", meaning that the store is on a 
@@ -397,11 +399,12 @@ (define* (make-grub-configuration grub config entries #~(format port "menuentry ~s { ~a linux ~a ~a - initrd ~a + initrd ~a ~a }~%" #$label #$(grub-root-search device linux) #$linux (string-join (list #$@arguments)) + (or #$extra-initrd "") #$initrd))) (multiboot-kernel (let* ((kernel (menu-entry-multiboot-kernel entry))
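
Review bot: in the doc/guix.texi example for extra-initrd in [PATCH 2/6], the archive is written by cpio -oH newc >/key-file.cpio and only afterwards restricted with chmod 0000 /key-file.cpio, so it exists with umask-default permissions in between, and nothing is said about the mode of /key-file.bin itself. Set umask 077 before creating the archive and tell the reader to restrict the key file as well. Wording nits in the same hunk: "being a world-readable", "a initrd" and "readable by the grub".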
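
Review bot: in gnu/bootloader/grub.scm, initrd goes through normalize-file with device-mount-point and store-directory-prefix, but extra-initrd is taken straight from bootloader-configuration-extra-initrd and emitted unchanged on the initrd line. The surrounding comment explains that file names must be adjusted when DEVICE-MOUNT-POINT is not "/", so either give extra-initrd the same handling or document that GRUB resolves the path against the root chosen by grub-root-search. With the default #f, the format string initrd ~a ~a also emits an empty first argument followed by a space; harmless, but avoidable by building the list and joining it.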

From patchwork Thu Jan 11 17:32:13 2024
X-Patchwork-Submitter: Tomas Volf <~@wolfsden.cz>
X-Patchwork-Id: 58795
Subject: [bug#65002] [PATCH 3/6] tests: Add `encrypted-home-os-key-file' installation test.
To: 65002@debbugs.gnu.org
From: Tomas Volf <~@wolfsden.cz>
Date: Thu, 11 Jan 2024 18:32:13 +0100

Based on encrypted-home-os, this test verifies unlocking via a key file. * gnu/tests/install.scm (%encrypted-home-os-key-file), (%encrypted-home-os-key-file-source): New variables. (%test-encrypted-home-os-key-file): New exported variables. (%encrypted-home-installation-script): Generate initrd with a key file for unlocking the LUKS. Change-Id: I04460155284bdef7e18da645f2b4b26bd8e86636 --- gnu/tests/install.scm | 74 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 73 insertions(+), 1 deletion(-) diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm index daa4647299..6794bca145 100644 --- a/gnu/tests/install.scm +++ b/gnu/tests/install.scm @@ -35,6 +35,7 @@ (define-module (gnu tests install) #:use-module (gnu packages admin) #:use-module (gnu packages bootloaders) #:use-module (gnu packages commencement) ;for 'guile-final' + #:use-module (gnu packages cpio) #:use-module (gnu packages cryptsetup) #:use-module (gnu packages disk) #:use-module (gnu packages emacs) @@ -67,6 +68,7 @@ (define-module (gnu tests install) %test-raid-root-os %test-encrypted-root-os %test-encrypted-home-os + %test-encrypted-home-os-key-file %test-encrypted-root-not-boot-os %test-btrfs-root-os %test-btrfs-root-on-subvolume-os 
@@ -975,6 +977,18 @@ (define %encrypted-home-installation-script mkfs.ext4 -L root-fs /dev/vdb2 mkfs.ext4 -L home-fs /dev/mapper/the-home-device mount /dev/vdb2 /mnt + +# This script is used for both encrypted-home-os and encrypted-home-os-key-file +# tests. So we also add the keyfile here. +dd if=/dev/zero of=/key-file.bin bs=4096 count=1 +( cd /mnt; + echo /key-file.bin | cpio -oH newc > key-file.cpio + chmod 0000 key-file.cpio + mv /key-file.bin . +) +echo -n " %luks-passphrase " | \\ + cryptsetup luksAddKey --key-file - -i 1 /dev/vdb3 /mnt/key-file.bin + mkdir /mnt/home mount /dev/mapper/the-home-device /mnt/home df -h /mnt /mnt/home 
@@ -1018,11 +1032,69 @@ (define %test-encrypted-home-os (mlet* %store-monad ((images (run-install %encrypted-home-os %encrypted-home-os-source #:script - %encrypted-home-installation-script)) + %encrypted-home-installation-script + #:packages (list cpio))) (command (qemu-command* images))) (run-basic-test %encrypted-home-os command "encrypted-home-os" #:initialization enter-luks-passphrase-for-home))))) + +;;; +;;; LUKS-encrypted /home, unencrypted root. The unlock is done using a key +;;; file. +;;; +(define-os-with-source (%encrypted-home-os-key-file + %encrypted-home-os-key-file-source) + (use-modules (gnu) (gnu tests)) + + (operating-system + (host-name "cipherhome") + (timezone "Europe/Prague") + (locale "en_US.utf8") + + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (targets (list "/dev/vdb")) + (extra-initrd "/key-file.cpio"))) + (kernel-arguments '("console=ttyS0")) + + (mapped-devices (list (mapped-device + (source (uuid "12345678-1234-1234-1234-123456789abc")) + (target "the-home-device") + (type (luks-device-mapping-with-options + #:key-file "/key-file.bin"))))) + (file-systems (cons* (file-system + (device (file-system-label "root-fs")) + (mount-point "/") + (type "ext4")) + (file-system + (device (file-system-label "home-fs")) + (mount-point "/home") + (type "ext4") + (dependencies mapped-devices)) + %base-file-systems)) + (services (cons (service marionette-service-type + (marionette-configuration + (imported-modules '((gnu services herd) + (guix combinators))))) + %base-services)))) + +(define %test-encrypted-home-os-key-file + (system-test + (name "encrypted-home-os-key-file") + (description + "Test functionality of an OS installed with a LUKS /home partition with +unlock done using a key file") + (value + (mlet* %store-monad ((images (run-install %encrypted-home-os-key-file + %encrypted-home-os-key-file-source + #:script + %encrypted-home-installation-script + #:packages (list cpio))) + (command (qemu-command* images))) + 
(run-basic-test %encrypted-home-os-key-file + command "encrypted-home-os-key-file"))))) + ;;; ;;; LUKS-encrypted root file system and /boot in a non-encrypted partition.
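
Review bot: in the %encrypted-home-installation-script hunk of gnu/tests/install.scm in [PATCH 3/6], chmod 0000 is applied to key-file.cpio but /key-file.bin is moved into /mnt with whatever mode dd created it with, so the installed system keeps a readable copy of the key next to the protected archive. Add a chmod for key-file.bin, or create both files under umask 077, so the test mirrors the setup the manual recommends. A short comment saying that the all-zero key from dd if=/dev/zero is acceptable only because this is a test would also help.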
Resent-From: Tomas Volf <~@wolfsden.cz> Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 11 Jan 2024 17:33:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 65002 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 65002@debbugs.gnu.org Cc: Tomas Volf <~@wolfsden.cz> Received: via spool by 65002-submit@debbugs.gnu.org id=B65002.170499436229569 (code B ref 65002); Thu, 11 Jan 2024 17:33:04 +0000 Received: (at 65002) by debbugs.gnu.org; 11 Jan 2024 17:32:42 +0000 Received: from localhost ([127.0.0.1]:33750 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rNyv3-0007gk-Pg for submit@debbugs.gnu.org; Thu, 11 Jan 2024 12:32:42 -0500 Received: from wolfsden.cz ([37.205.8.62]:45650) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1rNyuv-0007fn-BD for 65002@debbugs.gnu.org; Thu, 11 Jan 2024 12:32:37 -0500 Received: by wolfsden.cz (Postfix, from userid 104) id 3B3D5250E80; Thu, 11 Jan 2024 17:32:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1704994355; bh=iOcm3XSQu3Wcq9/ZZ6OC8iMlzYTIqZESK0ENVvjZq44=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=adslW5eu9GyogOr4HGLXsL/bAgUz4dF/OlEj5ysjTV/Iuwv+hKXm8dEK/QLfP0bDU e3RRGuaKy34aSzmU7s9sVUDRoR8zJyZ18RkfgbvxH1Q+CtV4FBvi10OjYhGPx4R+JJ 3CdjEZd3I2kHRckpHoU7cgqgAk9JJme/vW9k7xkYV2nz+DBwinD7WafVzOKrqO+Btp 6NYFs+7UZEPRuRTJdxW1oZroGlkHoTEf9wtJDD+yNXrl+J4djluCZP2hx3MBXrulq/ MZiuDXMeW4Ycg9GcgTdKORkK0Kmq4FYUg7RG8m0wf1wnCRtbgpSfhy67c/yAjf076B IvczGGNEsVAakhSw4rviRiRMiN34SNksA8rVXnYl2rUOCUgzTLNy0zNOJy2Ox33hmx vDzWkKG+fKt7QD6pF29w0nk9cw7MyU5E/+84Q97RdoEtoAnwqzdNAj92HHUIQNxwbd ziM0GySZGhaXGC1CADCRNZauyvQ9n7kiUhVfet3i4eq/I+CgocFXyNdySRQIUtomGj U8BWowHy9LhjE9y/2fs3/vjFbEBLQ0fPlUDVP1URbXhz1H9b3+Mo81GCl9IrARjjuH yrS0zAEl+TqO1WRBRNwmo2lgocUu9NkKAs/qQ8yBKh+GAwCwhVfhGuU7hnS/1LxUcr pAOmT5UuC7yzyQcL6ppTNQSU= Received: from localhost (unknown 
[193.32.127.158]) by wolfsden.cz (Postfix) with ESMTPSA id C96A6250172; Thu, 11 Jan 2024 17:32:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1704994354; bh=iOcm3XSQu3Wcq9/ZZ6OC8iMlzYTIqZESK0ENVvjZq44=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=LPR2zbrC7FdRPjE8x1jPsCiFxy7euWWg0wdxAuy2zKACQXHHIFFEfKvQCkol8tX9/ 45l5I5ByAOeQWwWRR/d8PixZYFlAZCoLX6BupjY4RL5s/4oD1OIte4MN4DHbdjmMbF DIXk6NGYELoPv0F7ZAzJ6ocy4ip8YER/Orar0JyoRtYWinkCMfUCu1r3ZKfPVh6rAH HlQDe9s0TRG/LSQ2WOL9Y2RdRUSisGbUvq0JGXgfAssew46fsw/4A7R/JlHA8iEJgo 5LkwQHm9+uTW6lUhUWnLD24imWM2enHiK7xDB25tWpZhq+DzAC5DHvx3dAHOHurM4u lmDhMIX/lPlTJkFJxe02PmbHPXCWhn2FI16i51WpgWjx+RLUTvkEUysYmpJUyxTNYb x88Kb3pp4npsqKMDxFvGVSKVpJnNlO1mw+rhG7V+X3gnCUL4RGIRjiPYESQ/poOVdi IzQdeeJlYbVHpHqH6lyPVgB3msjLC7yUxkzFAJw0mywv4nnxV69iWIUdMRQBTg5UdO +dJ9Ndw1DOnihF8yO5s3C5Y9EaftkO1jYHJO8owdNmbSMfio1jS+F5K+qNHmIDQGO5 QDrt405eM7j16l5h1i871tHgd/tV83CM/IzukavYWl+nOBgDsdKGZPrC8N7Nq+F06g zK9/m3hD/PlR3OwDex+iBPAI= 
From: Tomas Volf <~@wolfsden.cz>
Date: Thu, 11 Jan 2024 18:32:14 +0100

For testing that installation works, there is no need to spend 2000ms (the default) iterating while generating the encryption key. This commit therefore sets the iteration time to the lowest possible value, 1(ms).

* gnu/tests/install.scm (%encrypted-root-installation-script): (%encrypted-home-installation-script): (%encrypted-root-not-boot-installation-script): Pass -i 1 to luksFormat invocation.

Change-Id: Iab79459b48bebe4d293b18290a236c6414fb27fc
--- gnu/tests/install.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm index 6794bca145..c5243f2ed9 100644 --- a/gnu/tests/install.scm +++ b/gnu/tests/install.scm @@ -755,7 +755,7 @@ (define %encrypted-root-installation-script set 1 boot on \\ set 1 bios_grub on echo -n " %luks-passphrase " | \\ - cryptsetup luksFormat --uuid=12345678-1234-1234-1234-123456789abc -q /dev/vdb2 - + cryptsetup luksFormat -i 1 --uuid=12345678-1234-1234-1234-123456789abc -q /dev/vdb2 - echo -n " %luks-passphrase " | \\ cryptsetup open --type luks --key-file - /dev/vdb2 the-root-device mkfs.ext4 -L my-root /dev/mapper/the-root-device
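Review bot: `-i 1` on the `cryptsetup luksFormat` line (here and in the two hunks that follow) sets the PBKDF iteration time to 1 ms, which leaves the keyslot with almost no key stretching, and nothing in the script says this is acceptable only because the disk is a throwaway test image. Spell the option out as `--iter-time 1` and put a comment above the invocation stating that the value is there for test speed and must not be copied into a real installation.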
@@ -970,7 +970,7 @@ (define %encrypted-home-installation-script set 1 bios_grub on echo -n " %luks-passphrase " | \\ - cryptsetup luksFormat --uuid=12345678-1234-1234-1234-123456789abc -q /dev/vdb3 - + cryptsetup luksFormat -i 1 --uuid=12345678-1234-1234-1234-123456789abc -q /dev/vdb3 - echo -n " %luks-passphrase " | \\ cryptsetup open --type luks --key-file - /dev/vdb3 the-home-device 
@@ -1155,7 +1155,7 @@ (define %encrypted-root-not-boot-installation-script mkpart primary ext2 50M 1.6G \\ set 1 boot on \\ set 1 bios_grub on -echo -n \"~a\" | cryptsetup luksFormat --uuid=\"~a\" -q /dev/vdb3 - +echo -n \"~a\" | cryptsetup luksFormat -i 1 --uuid=\"~a\" -q /dev/vdb3 - echo -n \"~a\" | cryptsetup open --type luks --key-file - /dev/vdb3 root mkfs.ext4 -L my-root /dev/mapper/root mkfs.ext4 -L my-boot /dev/vdb2

From patchwork Thu Jan 11 17:32:15 2024
X-Patchwork-Submitter: Tomas Volf <~@wolfsden.cz>
X-Patchwork-Id: 58793
Subject: [bug#65002] [PATCH 5/6] tests: install: Fix encrypted-root-os test.
From: Tomas Volf <~@wolfsden.cz>
Date: Thu, 11 Jan 2024 18:32:15 +0100

The installation no longer fits into the 1.6G, leading to a warning while running the test:

guix system: warning: at least 1526.8 MB needed but only 1408.4 MB available in /mnt

Followed by a failure:

93% [#################################################################### ]note: build failure may have been caused by lack of free disk space builder for `/gnu/store/8wl8q8nc1za0vlyv21jpzwgml45njgk2-module-import-compiled.drv' failed with exit code 1

This commit increases the root partition to 2G, making the test pass again.

* gnu/tests/install.scm (%encrypted-root-installation-script): Increase the root partition to 2G.

Change-Id: I4cc5c78cfbd93ab2ae92ec77603ce6fee0289843
--- gnu/tests/install.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm index c5243f2ed9..f553eeaa3e 100644 --- a/gnu/tests/install.scm +++ b/gnu/tests/install.scm
@@ -751,7 +751,7 @@ (define %encrypted-root-installation-script ls -l /run/current-system/gc-roots parted --script /dev/vdb mklabel gpt \\ mkpart primary ext2 1M 3M \\ - mkpart primary ext2 3M 1.6G \\ + mkpart primary ext2 3M 2G \\ set 1 boot on \\ set 1 bios_grub on echo -n " %luks-passphrase " | \\

From patchwork Thu Jan 11 17:32:16 2024
X-Patchwork-Submitter: Tomas Volf <~@wolfsden.cz>
X-Patchwork-Id: 58794
Subject: [bug#65002] [PATCH 6/6] tests: install: Fix encrypted-home-os, encrypted-home-os-key-file tests.
From: Tomas Volf <~@wolfsden.cz>
Date: Thu, 11 Jan 2024 18:32:16 +0100

The installation no longer fits into the 1.6G, leading to a warning while running the test:

guix system: warning: at least 1526.8 MB needed but only 1408.4 MB available in /mnt

Followed by a failure:

93% [#################################################################### ]note: build failure may have been caused by lack of free disk space builder for `/gnu/store/8wl8q8nc1za0vlyv21jpzwgml45njgk2-module-import-compiled.drv' failed with exit code 1

This commit increases the root partition to 2G, making the test pass again.

* gnu/tests/install.scm (%encrypted-root-installation-script): Increase the root partition to 2G. (%test-encrypted-home-os), (%test-encrypted-home-os-key-file): Increase the target size to 3G to accommodate for the larger root partition.

Change-Id: I0f7092f7b7fc9992d3f895a1eaecf1f2065b7360
--- gnu/tests/install.scm | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm index f553eeaa3e..f9e766e532 100644 --- a/gnu/tests/install.scm +++ b/gnu/tests/install.scm @@ -964,8 +964,8 @@ (define %encrypted-home-installation-script export GUIX_BUILD_OPTIONS=--no-grafts parted --script /dev/vdb mklabel gpt \\ mkpart primary ext2 1M 3M \\ - mkpart primary ext2 3M 1.6G \\ - mkpart primary 1.6G 2.0G \\ + mkpart primary ext2 3M 2G \\ + mkpart primary 2G 2.4G \\ set 1 boot on \\ set 1 bios_grub on
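Review bot: the ChangeLog entry for this `mkpart` change names `%encrypted-root-installation-script`, but the hunk header shows the edit is in `%encrypted-home-installation-script`; the root script was already resized in 5/6. Correct the entry to the home script, and mention that the home partition moves from 1.6G-2.0G to 2G-2.4G, since the log currently records only the root partition growing.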
@@ -1033,7 +1033,9 @@ (define %test-encrypted-home-os %encrypted-home-os-source #:script %encrypted-home-installation-script - #:packages (list cpio))) + #:packages (list cpio) + #:target-size + (* 3000 MiB))) (command (qemu-command* images))) (run-basic-test %encrypted-home-os command "encrypted-home-os" #:initialization enter-luks-passphrase-for-home))))) @@ -1090,7 +1092,9 @@ (define %test-encrypted-home-os-key-file %encrypted-home-os-key-file-source #:script %encrypted-home-installation-script - #:packages (list cpio))) + #:packages (list cpio) + #:target-size + (* 3000 MiB))) (command (qemu-command* images))) (run-basic-test %encrypted-home-os-key-file command "encrypted-home-os-key-file")))))
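Review bot: `(* 3000 MiB)` is repeated in both `run-install` calls with nothing tying it to the partition table in `%encrypted-home-installation-script`, whose last partition now ends at 2.4G. Bind the size once next to that script with a comment giving the relation, so the next partition resize is a one-place change. Also, 5/6 moves the end of the root partition in `%encrypted-root-installation-script` to 2G with no `#:target-size` change in its single-line diff; confirm the default image size still covers it.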